[strongSwan] Force a Linux process to route all traffic through IPsec tunnel

pothuganti sridhar pothuganti.sridhar at gmail.com
Sun Jun 26 20:04:51 CEST 2016


I have one question. Is your deployment like Server <-> Road warrior client, or
normal site to site?
But as per your explanation, your remote looks to be a road warrior
client. In this deployment, only the traffic destined to the VIP of the road
warrior client is encrypted and will be sent to the remote. If you want to
route your internet traffic through the remote road warrior client, you need to
establish one more tunnel, like GRE, in the IPsec tunnel. You need to
encapsulate your IP traffic into the GRE and then into the IPsec tunnel.
This might be a probable option for your case.


On Sun, Jun 26, 2016 at 9:14 PM, Artyom Aleksyuk <artyom.h31 at gmail.com>

> Hello.
> I have an IPsec server running strongSwan which allows several remote
> machines to access a local network (via FARP and DHCP plugins).
> Also I have a remote machine with an IPsec client (strongSwan too).
> I want to force one of the processes running on the IPsec server machine
> to route all its traffic through the IPsec client. It's still allowed to
> access other machines in the LAN, but Internet traffic should go only
> through the client.
> How can I do this? A server runs Linux kernel version 3.10.
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
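
Added example (not part of the original thread): one way to lay out the server side of the GRE-inside-IPsec suggestion on a 3.10 kernel, assuming the process runs under a dedicated user so the iptables owner match can select it. All addresses, the user name, the `gre1` name, the MTU, the mark and the table number are constructed placeholders; the client needs the mirror GRE endpoint plus forwarding and NAT, which is not shown.

```shell
#!/bin/sh
# Constructed placeholders (assumptions, not values from the thread):
SERVER_IP=192.168.1.1    # server address covered by the IPsec policy
CLIENT_VIP=192.168.1.50  # road warrior's virtual IP
LAN=192.168.1.0/24       # local network that stays directly reachable
PROC_USER=vpnproc        # dedicated user the process runs as
GRE_LOCAL=10.99.0.1; GRE_PEER=10.99.0.2   # inner GRE addresses
MARK=0x63; TABLE=99

# Prints the command plan by default; `gre_plan sudo` applies it.
gre_plan() {
    run="${1:-echo}"
    # GRE endpoints are the IPsec-protected addresses, so the outer GRE
    # packets match the existing policy and leave encrypted.
    $run ip tunnel add gre1 mode gre local "$SERVER_IP" remote "$CLIENT_VIP" ttl 64
    $run ip addr add "$GRE_LOCAL" peer "$GRE_PEER" dev gre1
    $run ip link set dev gre1 mtu 1380 up
    # Mark only this user's non-LAN traffic; LAN stays on the main table.
    $run iptables -t mangle -A OUTPUT -m owner --uid-owner "$PROC_USER" \
        ! -d "$LAN" -j MARK --set-mark "$MARK"
    $run ip rule add fwmark "$MARK" lookup "$TABLE"
    $run ip route add default dev gre1 table "$TABLE"
    # Fail closed: if the gre1 route disappears, marked traffic is rejected
    # instead of falling through to the main table's default route.
    $run ip route add unreachable default metric 100 table "$TABLE"
    # The source address was chosen before the mark-based reroute; fix it up.
    $run iptables -t nat -A POSTROUTING -o gre1 -j SNAT --to-source "$GRE_LOCAL"
    # Replies arrive on gre1 while the unmarked reverse route points elsewhere.
    $run sysctl -w net.ipv4.conf.gre1.rp_filter=2
}
```

The mark is used instead of `ip rule ... uidrange` because that selector is not available on a 3.10 kernel.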